You Can Call but You Can't Hide: Detecting Caller ID Spoofing Attacks

@article{Mustafa2014YouCC,
  title={You Can Call but You Can't Hide: Detecting Caller ID Spoofing Attacks},
  author={H. Mustafa and W. Xu and A. Sadeghi and Steffen Schulz},
  journal={2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks},
  year={2014},
  pages={168-179}
}
  • H. Mustafa, W. Xu, +1 author Steffen Schulz
  • Published 2014
  • Computer Science
  • 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Caller ID (caller identification) is a service provided by telephone carriers to transmit the phone number and/or the name of a caller to a callee. Today, most people trust the caller ID information, and it is increasingly used to authenticate customers (e.g., by banks or credit card companies). However, with the proliferation of smartphones and VoIP, it is easy to spoof caller ID by installing corresponding Apps on smartphones or by using fake ID providers. As telephone networks are fragmented… Expand
End-to-End Detection of Caller ID Spoofing Attacks
TLDR
An SMS-based and a timing-based version of CallerDec that works with existing combinations of landlines, cellular and VoIP networks and can be deployed at the liberty of the users are designed. Expand
CEIVE: Combating Caller ID Spoofing on 4G Mobile Phones Via Callee-Only Inference and Verification
TLDR
CEIVE (Callee-only inference and verification), an effective and practical defense against caller ID spoofing, is proposed, a victim callee only solution without requiring additional infrastructure support or changes on telephony systems. Expand
Nascent: Tackling Caller-ID Spoofing in 4G Networks via Efficient Network-Assisted Validation
TLDR
Nascent, Network-assisted caller ID authentication, is proposed to validate the caller-ID used during call setup which may not match the previously-authenticated ID, and significantly reduces overhead compared to the state-of-the-art, without sacrificing effectiveness. Expand
Toward Standardization of Authenticated Caller ID Transmission
TLDR
A standardized authentication scheme for caller ID is proposed that enables the possibility of a security indicator for telecommunication and helps prevent users from falling victim to telephone spam and scams, and provides a foundation for future and existing defenses to stop unwanted telephone communication based on caller ID information. Expand
Secure Calls and Caller ID Spoofing Countermeasures Towards building a Cyber Smart Societies
the point code of the originating switch will be used rather than the number of originator which means in reverse dialing mode, call will still be spoofed. While PSTN networks are “circuit switched”Expand
Abusing Phone Numbers and Cross-Application Features for Crafting Targeted Attacks
TLDR
A novel system that takes a potential victim's phone number as an input, leverages information from applications like Truecaller and Facebook about the victim and his / her social network, checks the presence of phone number's owner (victim) on the attack channels, and targets the victim on the chosen channel is demonstrated. Expand
CallChain: Identity Authentication Based on Blockchain for Telephony Networks
TLDR
This work proposes a blockchain-based identity authentication system for telephony networks, CallChain, which provides end-to-end identity authentication between the caller and receiver in the data channel without modifying the core technologies intelephony networks. Expand
AuthentiCall: Efficient Identity and Content Authentication for Phone Calls
TLDR
This paper proves that strong and efficient end-to-end authentication for phone networks is approaching a practical reality and demonstrates that AuthentiCall can be used to provide strong authentication before calls are answered, allowing users to ignore calls claiming a particular Caller ID that are unable or unwilling to provide proof of that assertion. Expand
Phoneypot: Data-driven Understanding of Telephony Threats
TLDR
This work presents Phoneypot, a first large scale telephony honeypot, that was presented last year and detected several debt collectors and telemarketers calling patterns and an instance of a telephony denial-of-service attack. Expand
Identifying and mitigating cross-platform phone number abuse on social channels
TLDR
This work aims to detect cybercriminals / spammers that use phone numbers to spread spam on OSNs, and focuses on understanding various ways in which spammers can attack OTT messaging application users by leveraging information from OSNs. Expand
...
1
2
3
...

References

SHOWING 1-10 OF 42 REFERENCES
Authenticating displayed names in telephony
TLDR
A framework that allows each call participant to authenticate the displayed name of other parties via public name registries and International Telecommunication Union Telecom Standardization Sector (ITU-T) X.509 certificates is presented. Expand
PinDr0p: using single-ended audio features to determine call provenance
TLDR
PinDr0p is developed, a mechanism to assist users in determining call provenance - the source and the path taken by a call, and provides a first step in accurately determining the provenance of a call. Expand
Voice spoofing as an impersonation attack and the way of protection
Voice spoofing carry out in the telecommunications links is potentially one of the very dangerous and destructive attacks. This kind of attack is not such popular as the Caller identificationExpand
Real Time Cryptanalysis of A5/1 on a PC
TLDR
New attacks on A5/1 are described, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets, which make it vulnerable to hardware-based attacks by large organizations, but not to software- based attacks on multiple targets by hackers. Expand
A man-in-the-middle attack on UMTS
TLDR
A man-in-the-middle attack on the Universal Mobile Telecommunication Standard (UMTS), one of the newly emerging 3G mobile technologies, is presented, showing that an attacker can mount an impersonation attack since GSM base stations do not support integrity protection. Expand
SIP signaling security for end-to-end communication
  • K. Ono, S. Tachimoto
  • Computer Science
  • 9th Asia-Pacific Conference on Communications (IEEE Cat. No.03EX732)
  • 2003
TLDR
Two solutions that network servers help users to make end-to-end communication secure with lightweight load are presented, for mutual authentication and key management using signaling based on the IETF session initiation protocol. Expand
IP telephony: packet-based multimedia communications systems
TLDR
This book provides a comprehensive practical overview of the technology behind Internet Telephony, giving essential information to IT professionals who need to understand the background and explore the issues involved in migrating the existing telephony infrastructure to an IP based real time communication service. Expand
A study of network performance and customer behavior during direct-distance-dialing call attempts in the U.S.A.
A survey was conducted throughout the Bell System in October 1974 to gather detailed information about Direct-Distance-Dialing call attempts. The dispositions, setup times, and customer abandonmentExpand
Regulatory Status of VoIP in the Post-Brand X World
During the past several years, the Federal Communications Commission (FCC) has engaged in a series of rulemakings to determine the regulatory status of Voice over Internet Protocol (VoIP). TheExpand
UMTS security
And how this book will influence you to do better future? It will relate to how the readers will get the lessons that are coming. As known, commonly many people will believe that reading can be anExpand
...
1
2
3
4
5
...